nics: Support PASST user mode backend

[mvollmer]

Fixes #2186
Demo: https://youtu.be/L-EWj0dmgoo
Obsolete demo with choice, shows more about port forwarding: https://youtu.be/mhwTZ3CW8iI

• Validate inputs, tests
• Don't clear old port forwards when new ones will not be accepted by virt-xml. Done by first letting virt-xml override the old elements we want to keep, and then explicitly removing the old ones we don't want to keep.
• coverage

---

Machines: Support for network port forwarding

Cockpit can now configure port forwarding for virtual machines on the user session.

[Venefilyn]

Checking out the demos. I think the simple port forwarding is fine for now but the complex editing requires a lot more work IMO. It isn't intuitive and the alignment is all over the place.

I think we should experiment with what works for the complex one in a separate PR and keep simple port forwarding here.

[Venefilyn]

Why do we display "Userspace SLIRP stack" and such to begin with? Feels a bit weird to me to have it displayed in the select vs just writing "slirp" and "passt". We can in the select dropdown have a description for each entry to make it easier, which would look like this: https://www.patternfly.org/components/menus/menu#with-descriptions

[mvollmer]

In the latest version, there is no user choice anymore between slirp and passt. Cockpit switches from slirp to passt as required, but will never switch back.

[Venefilyn]

I meant, why do we have "Userspace SLIRP stack" instead of just "slirp"?

[mvollmer]

I meant, why do we have "Userspace SLIRP stack" instead of just "slirp"?

I don't know. Personally, I would like to avoid saying "slirp" or "passt" in the UI at all. The user should not need to make a decision between the two.

[Venefilyn]

I really dislike having one-letter variables and would much rather want to keep it expanded a bit

[Venefilyn]

Lets split this out to an interface too

interface SimplePortForwardProps {
   // ...
}
const SimplePortForward = ({...}): SimplePortForwardProps {...}

[mvollmer]

Checking out the demos. I think the simple port forwarding is fine for now but the complex editing requires a lot more work IMO. It isn't intuitive and the alignment is all over the place.

Yes, I didn't try at all to make it nice.

I think we should experiment with what works for the complex one in a separate PR and keep simple port forwarding here.

I think we can postpone that indefinitely until there is clear demand.

[cockpituous]

There are more than 10 code coverage comments, see the full report here.

[cockpituous]

There are more than 10 code coverage comments, see the full report here.

[mvollmer]

• 22 -> 22/tcp even if the port is the same.

• change display of the ip addres to 127.0.0.1:22 -> 22/tcp

• 8080-8090 → 80-90 this does not show it is tcp

Very good suggestions!

[cockpituous]

There are more than 10 code coverage comments, see the full report here.

[jelly]

minor validation issues

@jelly, there was and is no validation what so ever in that dialog, unfortunately. For example, invalid MACs also just cause ERROR XML error: unable to parse mac address '52:54:00:8c:a7:7cvvvvv'

Input validation is of course nice. So should I add it?

Aha, should we make this a follow up then if the whole dialog misses it?

[mvollmer]

Ouch, when there is an error adding the new port forwards, we already have cleared out the old ones...

[Venefilyn]

change display of the ip addres to 127.0.0.1:22 -> 22/tcp

I agree with this. Looks a lot better and it's following the expected IP:PORT

[mvollmer]

minor validation issues

@jelly, there was and is no validation what so ever in that dialog, unfortunately. For example, invalid MACs also just cause ERROR XML error: unable to parse mac address '52:54:00:8c:a7:7cvvvvv'
Input validation is of course nice. So should I add it?

Aha, should we make this a follow up then if the whole dialog misses it?

Nah, I have started on it.

I find this whole topic annoying: We have no clear guidelines and no shareable code and every dialog turns into a spaghetti monster, and does validation slightly differently from any other. [dramatic exaggeration] But I am ready now to do something about this!

[cockpituous]

There are more than 10 code coverage comments, see the full report here.

[cockpituous]

There are more than 10 code coverage comments, see the full report here.

[cockpituous]

There are more than 10 code coverage comments, see the full report here.

[cockpituous]

There are more than 10 code coverage comments, see the full report here.

[cockpituous]

There are more than 10 code coverage comments, see the full report here.

[tomasmatus]

the button alignment here is not quite right, it's more towrds bottom rather than being on center with the other groups.
You'll need to add the following css to the button element. Same as in podman.

Suggested change

	align-items: flex-end;
	align-items: flex-end;
	+
	+ button {
	+ margin-block-end: var(--pf-t--global--spacer--xs);
	+ }

Before:

After:

[mvollmer]

Yes, I also noticed that the trashcan is way out of alignment when there is helper text:

[mvollmer]

I had to align from the top, with a ugly computation:

        align-items: flex-start;
        button {
            margin-block-start: calc(var(--pf-v6-c-form__label--LineHeight) * var(--pf-v6-c-form__label--FontSize) +
                                     var(--pf-v6-c-form__group--Gap) +
                                     var(--pf-t--global--spacer--xs));
        }

[tomasmatus]

argh, yes. I forgot about the additional padding when helper text shows up. Good catch! And the same problem also needs to be fixed in c-podman's port forwarding.

[tomasmatus]

I'd be careful about ipaddr.isValid as it uses ipaddr.IPv4.isValid which also considers "short" variants of IPv4 to be valid. Is libvirt OK with it when it receives IPv4 address that isn't in the typical 4 octets format? AFAIK there is no RFC for such format and you might want to use ipaddr.IPv4.isValidFourPartDecimal instead.

ipaddr.IPv6.isValid which is used in the background should be fine from what I remember from cockpit networking page.

I'd change this to (ipaddr.IPv4.isValidFourPartDecimal(addr) || ipaddr.IPv6.isValid(addr)

[tomasmatus]

after testing it it looks like it's fine or some part of JS code expands the format. Inputting 10.10 into the address field and clicking save changes it to 10.0.0.10.

[mvollmer]

Ok, thanks for checking!

[cockpituous]

There are more than 10 code coverage comments, see the full report here.

[cockpituous]

This added line is not executed by any test. Details

[cockpituous]

This added line is not executed by any test. Details

[cockpituous]

These 3 added lines are not executed by any test. Details

[cockpituous]

This added line is not executed by any test. Details

[cockpituous]

This added line is not executed by any test. Details

[cockpituous]

This added line is not executed by any test. Details

[cockpituous]

This added line is not executed by any test. Details

[cockpituous]

This added line is not executed by any test. Details

[cockpituous]

This added line is not executed by any test. Details

[cockpituous]

This added line is not executed by any test. Details